Notepad++ 8.5.7 released with fixes for four security vulnerabilities
Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files.
GitHub security researcher Jaroslav Lobačevski reported the vulnerabilities in Notepad++ version 8.5.2 to the developers over the last couple of months.
The most severe of these flaws is CVE-2023-40031, assigned a CVSS v3 rating of 7.8, potentially leading to arbitrary code execution.
A user disputes that this flaw could be used to achieve code execution, given the type of error involved.
Eventually, on August 30, 2023, a public issue was created to acknowledge the problem, and fixes for the four flaws made it into the main code branch on September 3, 2023.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-25 | CVE-2023-40031 | Heap-based Buffer Overflow vulnerability in Notepad-Plus-Plus Notepad++. Notepad++ is a free and open-source source code editor. | 7.8 |